
Security News
The Hidden Blast Radius of the Axios Compromise
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
codesonor
AI-Powered GitHub Repository Analyzer - 8 LLM providers, Code Archaeology, Team DNA, Dependency Risk, ML Forecasting, Cross-Repo Learning, and 7 more unique features
AI-Powered GitHub Repository Analyzer with Multi-LLM Support
Analyze any GitHub repository with AI-powered insights. Choose from 8 different AI providers!
```bash
# Core package
pip install codesonor

# Optional extras for a specific LLM provider
pip install codesonor[openai]      # OpenAI GPT
pip install codesonor[anthropic]   # Anthropic Claude
pip install codesonor[mistral]     # Mistral AI
pip install codesonor[groq]        # Groq (fastest)
pip install codesonor[all-llm]     # All providers
```
| Provider | Free Tier | Speed | Get API Key |
|---|---|---|---|
| Gemini ⭐ | ✅ Yes | Fast | Get Key |
| OpenAI | ❌ Paid | Medium | Get Key |
| Claude | ❌ Paid | Fast | Get Key |
| Mistral | ❌ Paid | Fast | Get Key |
| Groq ⚡ | ✅ Yes | Ultra-fast | Get Key |
| OpenRouter 🌐 | 💳 Pay-per-use | Fast | Get Key |
| xAI Grok | ❌ Paid | Fast | Get Key |
| Ollama 🆓 | ✅ FREE | Medium | Download |
⭐ Default | ⚡ Fastest | 🌐 100+ models | 🆓 Local & FREE
Run the interactive setup wizard:

```bash
codesonor setup
```

The wizard saves your configuration to `~/.codesonor/config.json`. To show the saved configuration:

```bash
codesonor config
```
Environment variables (if you prefer):

```powershell
# Windows (PowerShell)
$env:GEMINI_API_KEY = "your_key"
$env:GITHUB_TOKEN = "your_token"
```

```bash
# Linux/Mac
export GEMINI_API_KEY="your_key"
export GITHUB_TOKEN="your_token"
```
Per-command (override saved config):

```bash
codesonor analyze URL --gemini-key YOUR_KEY --github-token YOUR_TOKEN
```

Keys passed as command-line arguments end up in shell history and are visible in process listings; prefer the saved config or environment variables on shared machines.
Usage examples:

```bash
# Full analysis of a repository
codesonor analyze https://github.com/owner/repo

# Short summary only
codesonor summary https://github.com/owner/repo

# Skip AI analysis (faster)
codesonor analyze https://github.com/owner/repo --no-ai

# Limit number of files analyzed
codesonor analyze https://github.com/owner/repo --max-files 200

# Export results as JSON
codesonor analyze https://github.com/owner/repo --json-output results.json
```
Example output:

```text
╭─────────────────────────────────────────────────╮
│ CodeSonor Analysis: awesome-project             │
╰─────────────────────────────────────────────────╯

Repository Information
┏━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Field      ┃ Value                          ┃
┡━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ Owner      │ awesome-owner                  │
│ Repository │ awesome-project                │
│ Stars      │ 1,234                          │
│ Forks      │ 567                            │
│ Language   │ Python                         │
└────────────┴────────────────────────────────┘

Language Distribution
┏━━━━━━━━━━━━┳━━━━━━━━━━┳━━━━━━━━┓
┃ Language   ┃ Files    ┃ %      ┃
┡━━━━━━━━━━━━╇━━━━━━━━━━╇━━━━━━━━┩
│ Python     │ 45       │ 78.5%  │
│ JavaScript │ 8        │ 14.0%  │
│ CSS        │ 4        │ 7.0%   │
│ HTML       │ 1        │ 0.5%   │
└────────────┴──────────┴────────┘

🤖 AI-Generated Summary
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
This repository implements a modern web application
framework with clean architecture and comprehensive
testing. Key features include...
```
Install with development dependencies:

```bash
pip install codesonor[dev]
```

Run tests:

```bash
pytest
```
CodeSonor also ships with a Flask web application. To use it:

```bash
# Install with web dependencies
pip install codesonor[web]

# Clone the repository for the web app files
git clone https://github.com/farhanmir/CodeSonor.git
cd CodeSonor

# Run the web server
python app.py
```

Visit http://localhost:5000 in your browser.
Contributions are welcome! Please feel free to submit a Pull Request.
This project is licensed under the MIT License - see the LICENSE file for details.
Farhan Mir
Note: This tool analyzes public repositories. Ensure you have appropriate permissions before analyzing private repositories.
FAQs
We found that codesonor demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.